F5 Networks has released a whitepaper which focuses on data breaches, primary root causes, targets, visibility and general options that lead to improved security that could limit these data breaches.
The whitepaper, titled “Lessons Learned from a decade of Data Breaches”, includes research results from 433 breach cases spanning over last 12 years, 37 industries and 27 countries, in order to discover patterns in the initial attacks that lead to the breach. When it comes to data breaches, the combination of visibility, logging, monitoring, alerting and communication, have many points of failure, which is why companies have to focus on the primary root.
The whitepaper also focuses on identifying where organizations are most likely to be attacked in a way that could result in a data breach as well as offers insight in efforts that can be done in order to mitigate attacks.
According to gathered data, only 79 percent of reported cases had breach counts publicized and only 49 percent and 40 percent had enough data to determine the initial attack vector and a root cause, respectively. The research also suggests that applications were the initial targets in 53 percent and identities were targeted in 33 percent of breaches, which adds up to a staggering 86 percent.
According to details, over 1 billion credit card numbers were stolen, half a billion personal health information, 22 million biometric records, 275 million Social Security Numbers (SSNs) and other information were all compromised in just 338 breaches that were researched.
Although the research only focuses on “a small number” of known breaches, the figures are worrisome, as in 338 cases, almost twelve billion records were compromised, or almost 35 million records per breach. Usernames, passwords, and e-mail addresses were stolen in the majority of the cases, which is not that surprising considering these exist in almost every dataset online. While passwords were stored in plain text in many cases, even when they are hashed or salted, in some cases, these were relatively simple mechanisms that were not that hard to crack.
As noted, the whitepaper also focuses on a root cause that was identified in 40 percent of cases analyzed, and 38 percent were from web app vulnerability. Next in line were phishing, theft, unauthorized access while only 4 percent were by employee mistake, malware, spam and other causes.
The whitepaper also researched the percent of cases by industry where the big part comes from healthcare, 18 percent, technology, 13 percent, online gaming, 10 percent, and 13 percent from online dating, gambling, and other sites. The biggest breach was in retail, 49 percent, followed by government with 17 percent.
What makes the things even more serious is the fact that there were 42 cases where the company had no idea that breach happened.
Cyber-attacks have recently grown in numbers and there are paths that companies can go in order to at least minimize the chance of such data breaches or at least be aware of them when they happen.
You can find the full “Lessons Learned from a decade of Data breaches” whitepaper over at the F5 Networks site.